Tag Archives: Vulnerability Scan

I routinely use Nessus to scan for vulnerabilities on the network. I have a relatively complex network with dozens of VLANs, so the number of hosts comes out to be enormous. If I enter the entire network address range in Nessus, it takes Nessus days to complete the scan. On top of that, some of the services are so sensitive to network latency (such as database sync) that alerts and problems start to happen during a Nessus scan. So I ended up dialing the scan settings down to a slower pace to avoid putting too much stress on the network, and the scan now takes much longer to complete. I also noticed that Nessus will scan non-existent hosts across a firewall just the same as real hosts, wasting a lot of time on them. Perhaps the firewall denying connections somehow causes Nessus to believe there is a real host behind it.

In order to solve this issue, I use nmap to do a quick scan first and then feed the discovered IP addresses to Nessus. This way Nessus won't waste any time on non-existent hosts.

Quick Ping Scan

I use a simple script to do the work.

Step 1 – In the “/home/jamie/Documents/Nessus/scan” folder, create a script named “generate_ip.sh”:

Note: the command works, but the double awk leaves much room to improve.

Example 2
Here's another example of a ping scan with some extra probes. This doesn't take nearly as long as the previous one, but covers more common ports than a simple ping scan. A good balance between speed and accuracy.
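As an added example (not the author's generate_ip.sh, whose contents are not reproduced on this page), here is a single-awk version of the host-discovery step and the extra-probe variant described above: nmap writes grepable output, one awk keeps only hosts reported as Up, and the result is a one-IP-per-line target list for Nessus. The discovery function assumes nmap is installed; the gnmap text used for the parser demo is a constructed sample.

```shell
#!/bin/sh
# Added example: nmap host discovery -> IP list for Nessus, with one awk.

# Parse nmap grepable (-oG) output from stdin and print the address of
# every host whose status is Up, one per line, without duplicates.
# A grepable host line looks like:  Host: 10.0.1.5 ()<TAB>Status: Up
live_hosts_from_gnmap() {
    awk '
        /^Host: / {
            # $2 is the address; the status is further along the line.
            if ($0 ~ /Status: Up/ && !seen[$2]++) print $2
        }
    '
}

# Discovery scan with extra probes, written to a target file for Nessus.
# -sn: host discovery only (no port scan); -n: no DNS lookups;
# -PE: ICMP echo; -PS22,80,443: TCP SYN probes for hosts that drop ICMP.
# Requires nmap on the scanning host (assumption, not verified here).
discover_live_hosts() {
    targets="$1"
    outfile="${2:-live_hosts.txt}"
    nmap -sn -n -PE -PS22,80,443 -oG - "$targets" \
        | live_hosts_from_gnmap > "$outfile"
    wc -l < "$outfile"
}

# Constructed sample of -oG output (addresses invented for the demo):
# one duplicate, one Down host, one host with a reverse DNS name.
SAMPLE_GNMAP="$(printf '# Nmap scan initiated (constructed sample)\n\
Host: 10.0.1.5 ()\tStatus: Up\n\
Host: 10.0.1.6 ()\tStatus: Down\n\
Host: 10.0.1.7 (db01.internal)\tStatus: Up\n\
Host: 10.0.1.5 ()\tStatus: Up\n\
# Nmap done\n')"

# Run the parser over the sample; returns the IP list on stdout.
demo_parse_sample() {
    printf '%s\n' "$SAMPLE_GNMAP" | live_hosts_from_gnmap
}

# Usage on a real network:  discover_live_hosts 10.0.0.0/16 live_hosts.txt
```

Point Nessus at the resulting file as its target list so it only spends time on hosts nmap actually saw.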